


Perceptive Security
SOC/SIEM Consultancy

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3…
Published:
6 May 2026 at 22:00:00
Alert date:
7 May 2026 at 05:02:57
Source:
nvd.nist.gov
Supply Chain & Dependencies
OpenEXR, an image storage format for the motion picture industry, contains an integer overflow vulnerability in the ImageChannel::resize function. The vulnerability affects versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11. The integer overflow leads to a heap out-of-bounds write via the OpenEXRUtil public API. This vulnerability has been patched in versions 3.2.9, 3.3.11, and 3.4.11. The issue poses significant security risks because it allows memory corruption through a heap buffer overflow.
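To triage a dependency inventory against the version ranges stated above, a check along the following lines can be used. This is an added example, not code from the advisory or from the OpenEXR project; the function names, host names and inventory entries are constructed for illustration, and it assumes plain x.y.z version strings.

```python
import re

# Affected ranges as stated in the advisory: (first affected, first patched).
AFFECTED_RANGES = [
    ((3, 0, 0), (3, 2, 9)),
    ((3, 3, 0), (3, 3, 11)),
    ((3, 4, 0), (3, 4, 11)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) or None if the string has no x.y.z prefix."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return (status, fixed_version); status is affected/not-affected/unknown."""
    version = parse_version(version_text)
    if version is None:
        return ("unknown", None)  # unparseable: flag for manual review
    for first_affected, first_patched in AFFECTED_RANGES:
        if first_affected <= version < first_patched:
            return ("affected", ".".join(map(str, first_patched)))
    return ("not-affected", None)


def triage(inventory):
    """Classify each (host, version) pair; affected rows sort first."""
    rows = [(host, ver, *classify(ver)) for host, ver in inventory]
    order = {"affected": 0, "unknown": 1, "not-affected": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = [
    ("render-01", "3.2.4"), ("render-02", "3.2.9"),
    ("comp-01", "v3.3.10"), ("comp-02", "3.4.11"),
    ("legacy-01", "2.5.8"), ("build-01", "3.1.13"),
    ("build-02", "unknown"),
]

if __name__ == "__main__":
    for host, ver, status, fix in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {ver:8} {status:13} {fix or '-'}")
```

A package inventory only reflects installed packages; copies of the library that are vendored or statically linked into other software need a separate check.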
Technical details
Affected products:
OpenEXR
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41142
https://github.com/AcademySoftwareFoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4
https://github.com/AcademySoftwareFoundation/openexr/pull/2367
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m25w-72cj-q6mg
This article was created with the assistance of AI technology by Perceptive.
